全部回复

No version of the Exchange supports RODC. You can't keep FSMO role on the RODC because FSMO role holder DC writes into AD. ROdc needs to contact RWDC because RODC alone can't work. RODC needs to cache machine password to create a secure channel with RODC
else it will create secure channel with RWDC and the reason is RODC can't issue kerberos ticket.

Setting up a trust and migrate with ADMT would be much more easier – setting up a trust isn’t really a security risk more than users within the directories can browse each directory and perform cross-authentications. (trying to split a domain will leave
each site with a database that contains all passwords for all users)

If there is an absolute requirement that you can’t setup a trust I would looking to Quest and QMM as I believe they have a solution for migrating with out establishing a trust.